Why do customer support (and thus the malware) have access to the customers full card details? This is not needed to take a payment if the details are stored properly in the system. They should see the last 4 digits and expiry date, the same as the end user when confirming a payment.